Dragonfly Proxy Feature Timing Attack Vulnerability

Vulnerability

A timing attack vulnerability has been identified in the Proxy feature of Dragonfly, an open-source P2P-based file distribution and image acceleration system, in versions prior to 2.1.0. The vulnerability arises from the access control mechanism, which relies on plain string comparisons that stop at the first mismatching character, so the time a comparison takes depends on how many leading characters of a guess are correct. By sending every possible character at each position to the vulnerable comparison and measuring the execution times, an attacker could recover the password one character at a time. The impact of gaining access to the proxy password is currently unclear.

Impact

Exploitation of this vulnerability allows for timing attacks against the Proxy feature's basic authentication, enabling password guessing one character at a time.
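As an added illustration that is not Dragonfly's own code, the Go snippet below shows a proxy basic-auth check written with the early-exit string comparison the advisory describes, beside a constant-time alternative built on crypto/subtle; the credentials and the Proxy-Authorization value are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed example credentials; hypothetical, not values from Dragonfly.
const (
	expectedUser = "dragonfly"
	expectedPass = "s3cret-example"
)

// checkBasicAuthNaive mirrors the weak pattern the advisory describes:
// a plain string comparison that returns as soon as a byte differs, so
// its running time leaks how many leading bytes of the guess are right.
func checkBasicAuthNaive(user, pass string) bool {
	return user == expectedUser && pass == expectedPass
}

// checkBasicAuthConstantTime hashes both sides to a fixed length and
// compares the digests with crypto/subtle, so the time taken depends
// neither on the length of the guess nor on its matching prefix.
func checkBasicAuthConstantTime(user, pass string) bool {
	uh, eu := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(expectedUser))
	ph, ep := sha256.Sum256([]byte(pass)), sha256.Sum256([]byte(expectedPass))
	// Bitwise & instead of && so both comparisons always execute.
	ok := subtle.ConstantTimeCompare(uh[:], eu[:]) & subtle.ConstantTimeCompare(ph[:], ep[:])
	return ok == 1
}

// parseBasicAuth extracts user and password from a "Basic <base64>" header value.
func parseBasicAuth(header string) (user, pass string, ok bool) {
	const prefix = "Basic "
	if !strings.HasPrefix(header, prefix) {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(header[len(prefix):])
	if err != nil {
		return "", "", false
	}
	return strings.Cut(string(raw), ":")
}

func main() {
	hdr := "Basic " + base64.StdEncoding.EncodeToString([]byte("dragonfly:s3cret-example"))
	u, p, ok := parseBasicAuth(hdr)
	fmt.Println(ok, checkBasicAuthNaive(u, p), checkBasicAuthConstantTime(u, p)) // true true true
}
```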

Remediation

Users can upgrade to Dragonfly version 2.1.0 or later to address this vulnerability.

Added: Sep 17, 2025, 8:21 PM
Updated: Sep 17, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.